VDB
CVE-2025-39774
CVE-2025-39774
PUBLISHED
CVSS 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: iio: adc: rzg2l_adc: Set driver data before enabling runtime PM When stress-testing the system by repeatedly unbinding and binding the ADC device in a loop, and the ADC is a supplier for another device (e.g., a thermal hardware block that reads temperature through the ADC), it may happen that the ADC device is runtime-resumed immediately after runtime PM is enabled, triggered by its consumer. At this point, since drvdata is not yet set and the driver's runtime PM callbacks rely on it, a crash can occur. To avoid this, set drvdata just after it was allocated.
EPSS 0.03% · 7.4th percentile
Risk Scores
CVSS v3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.03%
7.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| linux | linux_kernel | 6.14, 6.14, 6.14 |
| Linux | Linux | 89ee8174e8c8db0efc75b26f2307114b38d61354, 89ee8174e8c8db0efc75b26f2307114b38d61354, 6.14 |
Timeline
- Sep 11, 2025 CVE Published
- Sep 12, 2025 EPSS Score
- Sep 19, 2025 EPSS Score
- Sep 26, 2025 EPSS Score
- Oct 4, 2025 EPSS Score
- Oct 11, 2025 EPSS Score
- Oct 18, 2025 EPSS Score
- Oct 25, 2025 EPSS Score
- Nov 1, 2025 EPSS Score
- Nov 9, 2025 EPSS Score
- Nov 16, 2025 EPSS Score
- Nov 20, 2025 CVE Updated